How to delegate Password Reset right to User

< All Topics

Steps to delegate Password Reset Right to helpdesk users to reset users’ password in AD

Assign Delegate Control permission

Right Click on the AD Domain or Particular OU and select Delegate Control


Add AD Users or Group


Select Reset user passwords and force password change at next logon




Remote Server Administration Tools for Windows 10

For Windows 10 October 2018 Update (1809) or below

Download and install RSAT for Windows 10

For Windows 10 October 2018 Update (1809) or above

RSAT is build into Windows 10 images, and it can be enabled with (Internet Connection is required)

#List all the RSAT tool available
Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property Name,DisplayName, State

Name                                                     DisplayName                                                                          State
----                                                     -----------                                                                          -----
Rsat.ActiveDirectory.DS-LDS.Tools~~~~             RSAT: Active Directory Domain Services and Lightweight Directory Services Tools  Installed
Rsat.BitLocker.Recovery.Tools~~~~                 RSAT: BitLocker Drive Encryption Administration Utilities                       NotPresent
Rsat.CertificateServices.Tools~~~~                RSAT: Active Directory Certificate Services Tools                               NotPresent
Rsat.DHCP.Tools~~~~                               RSAT: DHCP Server Tools                                                         NotPresent
Rsat.Dns.Tools~~~~                                RSAT: DNS Server Tools                                                          NotPresent
Rsat.FailoverCluster.Management.Tools~~~~         RSAT: Failover Clustering Tools                                                 NotPresent
Rsat.FileServices.Tools~~~~                       RSAT: File Services Tools                                                       NotPresent
Rsat.GroupPolicy.Management.Tools~~~~             RSAT: Group Policy Management Tools                                             NotPresent
Rsat.IPAM.Client.Tools~~~~                        RSAT: IP Address Management (IPAM) Client                                       NotPresent
Rsat.LLDP.Tools~~~~                               RSAT: Data Center Bridging LLDP Tools                                           NotPresent
Rsat.NetworkController.Tools~~~~                  RSAT: Network Controller Management Tools                                       NotPresent
Rsat.NetworkLoadBalancing.Tools~~~~               RSAT: Network Load Balancing Tools                                              NotPresent
Rsat.RemoteAccess.Management.Tools~~~~            RSAT: Remote Access Management Tools                                            NotPresent
Rsat.RemoteDesktop.Services.Tools~~~~             RSAT: Remote Desktop Services Tools                                             NotPresent
Rsat.ServerManager.Tools~~~~                      RSAT: Server Manager                                                             Installed
Rsat.Shielded.VM.Tools~~~~                        RSAT: Shielded VM Tools                                                         NotPresent
Rsat.StorageMigrationService.Management.Tools~~~~ RSAT: Storage Migration Service Management Tools                                NotPresent
Rsat.StorageReplica.Tools~~~~                     RSAT: Storage Replica Module for Windows PowerShell                             NotPresent
Rsat.SystemInsights.Management.Tools~~~~          RSAT: System Insights Module for Windows PowerShell                             NotPresent
Rsat.VolumeActivation.Tools~~~~                   RSAT: Volume Activation Tools                                                   NotPresent
Rsat.WSUS.Tools~~~~                               RSAT: Windows Server Update Services Tools                                      NotPresent

Enable RSAT for AD Users & Computer

Add-WindowsCapability -online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~"

Reset user’s password with Active Directory Users and Computers

Login as user who had been delegated Password Reset Right and open Active Directory Users and Computers on Windows 10 and right click on users to Reset Password


Previous How to decommission AD Child Domain
Next How to Deploy Microsoft LAPS
Table of Contents